Trisul Network Analytics Blog

Tech tips and tricks from the world of network traffic and security monitoring

We recently had an incident where TRP scripting came to our rescue. I want to share it with other Trisul users who may want to automate more of their network and security monitoring.

The customer is a cloud provider who has been running Trisul for a few months now. There was an incident this past week and their team asked us if they could get the following data out of Trisul.

Can I have PCAPs for this host from Jan 2014 – one per day?

Now, you can easily get them a day's worth of PCAP from the web UI via Retro → Retro Tools → Pull Packets. But try doing this 31 times, once for each day in January. This is tedious work, so we quickly wrote a tiny script in Ruby using the trisulrp gem to accomplish the task.

The daypcaps.rb script prompts you for a month and saves each day's packets neatly into a separate PCAP file.
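The per-day slicing such a script needs can be sketched as follows. This is an added example, not the daypcaps.rb script itself, and it does not show the packet pull through trisulrp. The helper name `day_windows`, the file naming scheme and the `avail_from`/`avail_to` retention bounds are assumptions made for illustration.

```ruby
require 'date'
require 'ipaddr'

# Hypothetical helper (not part of trisulrp or daypcaps.rb).
# Returns one entry per calendar day of the month: a half-open UTC window
# [from, to) in epoch seconds plus the PCAP file name for that day.
def day_windows(host, year, month, avail_from: nil, avail_to: nil)
  # Validate the host before it ends up in a file name or a query.
  raise ArgumentError, "expected a single host, got #{host}" if host.include?('/')
  ip  = IPAddr.new(host)                # raises on anything that is not an IP
  tag = ip.to_s.tr(':', '-')            # IPv6 colons are unsafe in some file names

  first = Date.new(year, month, 1)
  last  = Date.new(year, month, -1)     # -1 = last day, handles leap years

  (first..last).map do |d|
    from = Time.utc(d.year, d.month, d.day).to_i
    to   = from + 86_400                # UTC days are always 24 hours (no DST)
    # Clip to the span for which packets are actually retained (assumed known).
    from = [from, avail_from].max if avail_from
    to   = [to, avail_to].min if avail_to
    next if from >= to                  # nothing stored for this day
    { from: from, to: to,
      file: format('%s_%s.pcap', tag, d.strftime('%Y-%m-%d')) }
  end.compact
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample input: a private address and the month from the request.
  day_windows('10.0.0.5', 2014, 1).first(3).each do |w|
    puts "#{w[:file]}  #{Time.at(w[:from]).utc} .. #{Time.at(w[:to]).utc}"
  end
end
```

Using UTC boundaries keeps every file exactly 24 hours long and makes the windows reproducible when the evidence is reviewed later. If the investigation is framed in local time, state the offset alongside the files.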